Federal Computer Security Act

1/11/2023, 1:29 PM

Federal Computer Security Act

Directs the Inspector General of each executive agency that operates a federal computer system that provides access to classified information or personally identifiable information to submit to the Comptroller General and specified congressional committees a report that includes:

  • a description of the logical access standards used by the agency to access such system, including whether the agency is using multi-factor logical access controls for such access;
  • if the agency does not use such access controls, a description of the reasons for not doing so;
  • a description of the data security management practices used by the agency, including the policies and procedures for conducting inventories of software and associated licenses, an indication that the agency has entered into a licensing agreement for the use of software security controls to monitor and detect threats, or an explanation for why it has not entered such an agreement; and
  • a description of agency policies and procedures for ensuring that entities that provide services to the agency are implementing data security management practices.

Directs the Comptroller General to submit a report on any impediments to agency use of effective security software and security devices.

Congress
114
Number
S - 1990
Introduced on
2015-08-05
# Amendments
0
Sponsors
+5
Cosponsors
+5

Variations and Revisions

8/5/2015
Text
PDF
XML

Status of Legislation

Bill Introduced
Introduced to House
House to Vote
Introduced to Senate
Senate to Vote

Purpose and Summary

Federal Computer Security Act

Directs the Inspector General of each executive agency that operates a federal computer system that provides access to classified information or personally identifiable information to submit to the Comptroller General and specified congressional committees a report that includes:

  • a description of the logical access standards used by the agency to access such system, including whether the agency is using multi-factor logical access controls for such access;
  • if the agency does not use such access controls, a description of the reasons for not doing so;
  • a description of the data security management practices used by the agency, including the policies and procedures for conducting inventories of software and associated licenses, an indication that the agency has entered into a licensing agreement for the use of software security controls to monitor and detect threats, or an explanation for why it has not entered such an agreement; and
  • a description of agency policies and procedures for ensuring that entities that provide services to the agency are implementing data security management practices.

Directs the Comptroller General to submit a report on any impediments to agency use of effective security software and security devices.

Policy Areas
Government Operations and Politics
Potential Impact
Computer security and identity theft
Congressional oversight
Government studies and investigations
Intelligence activities, surveillance, classified information
Right of privacy

Comments

Related

Member:  Orrin G. Hatch
Bill Update Alert:  To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

Recent Activity

Latest Summary11/24/2015

Federal Computer Security Act

Directs the Inspector General of each executive agency that operates a federal computer system that provides access to classified information or personally identifiable information to submit t...

Latest Action8/5/2015
Read twice and referred to the Committee on Homeland Security and Governmental Affairs.